Android + BackTrack Chroot
The following tutorial will demonstrate how to run Backtrack Linux in an Android chroot environment. It should work on most Android devices that support at least ARMv7 architecture or newer.
Download BackTrack ARM edition
http://www.backtrack-linux.org/downloads/
You can download via torrent or direct download; the rest of the settings should look like this:
Image Name: BT5-GNOME-ARM [.torrent | .7z]
Size (MB): 1060
Desktop: GNOME
Architecture: arm
Image: IMG
Download: [Direct | Torrent]
MD5sum: a66bf35409f4458ee7f35a77891951eb
Extract the contents using 7zip (apt-get install p7zip if you don’t have it installed)
cd BT5-GNOME-ARM/
7z x BT5-GNOME-ARM.7z
The output should look like this:
Processing archive: BT5-GNOME-ARM.7z
Extracting BT5-GNOME-ARM/bootbt
Extracting BT5-GNOME-ARM/busybox
Extracting BT5-GNOME-ARM/fsrw
Extracting BT5-GNOME-ARM/mountonly
Extracting BT5-GNOME-ARM/README
Extracting BT5-GNOME-ARM/unionfs
Extracting BT5-GNOME-ARM/bt5.img.gz
Extracting BT5-GNOME-ARM/installbusybox.sh
Extracting BT5-GNOME-ARM
Everything is Ok
Folders: 1
Files: 8
Size: 1165198387
Compressed: 1142317778
Next we will shell into the device and create a directory on the external storage to hold the image and scripts
cd BT5-GNOME-ARM/
./adb shell
mkdir /sdcard/bt
exit
### DO THIS IF YOU DONT HAVE BUSYBOX ###
If you have a custom ROM like CyanogenMod installed, it’s VERY likely you can skip this step. Want to know for sure? ADB shell into the device and type ‘which busybox’ at the terminal prompt. If it shows a path, like ‘/system/xbin/busybox’, it’s already installed. Otherwise, copy over the busybox install files with ADB:
./adb push busybox /sdcard/
./adb push installbusybox.sh /sdcard
Run the busybox install script on the device:
./adb shell
su
cd /sdcard/
sh installbusybox.sh
exit
### END BUSYBOX INSTALL ###
Use ADB to push the compressed BackTrack image to the sdcard:
./adb push bt5.img.gz /sdcard/bt/
Clone the scripts from my github repo:
git clone git://github.com/mitchtech/chroot_android.git -b bt
cd chroot_android
tar -cvf bt.tar *
./adb push bt.tar /sdcard/bt/
Install BackTrack
ADB shell into the device
./adb shell
Get root and change into the BackTrack directory
su
cd /sdcard/bt
Uncompress the image and scripts:
gunzip bt5.img.gz
mv bt5.img bt.img
tar -xvf bt.tar
Next run the installer script.
sh ./installbt.sh
Now, to start BackTrack type ‘startbt’. Once BackTrack has started, type ‘bt’ to get a shell. To shut down, type ‘stopbt’.
startbt
bt
If all goes well, you’ll be in the BackTrack chroot. If you get ‘[email protected]:/#’ then you know it’s working!
[email protected]:/# ls /pentest/
backdoors database exploits passwords scanners stressing voip cisco enumeration forensics python sniffers tunneling web
Post-Install
To start networking in Backtrack 4 final issue the following command:
/etc/init.d/networking start
This will attempt to start all the interfaces in the /etc/network/interfaces file.
Now we can update the system with apt-get
apt-get update
apt-get dist-upgrade
Finally, add the following to .bashrc. For example, vi ~/.bashrc
cd ~
PATH=$PATH:/root/bin
export USER=root
Connect to the chroot install with VNC
You will need to download any VNC client to connect to the Backtrack session. I use androidVNC, but any VNC client should work as long as the settings are correct. Start a vncserver session with the geometry of the device
vncserver -geometry 850x480
Then connect to the session with the following settings.
Nick : bt (or whatever you want)
address : localhost
port : 5901
password : 12345678
Touch Mouse; D-Pad Pan;
Mouse pointer control mode: TouchPad
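The client settings above connect to localhost, so the VNC server does not need a listener on any other interface. The following is an added example, not part of the original tutorial, that reads `netstat -tln` output and reports VNC display ports bound to non-loopback addresses; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VNC display ports (5900-5999) that listen on anything
# other than loopback. Input is `netstat -tln` style text on stdin.

exposed_vnc_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            p = parts[n]                              # text after the last colon
            host = substr(addr, 1, length(addr) - length(p) - 1)
            port = p + 0                              # force numeric comparison
            if (port < 5900 || port > 5999) next      # not a VNC display port
            if (host == "127.0.0.1" || host == "::1") next   # loopback only
            print addr
        }'
}

# Constructed sample: display :1 on all interfaces, display :2 on loopback,
# plus an unrelated sshd listener.
SAMPLE='Proto Recv-Q Send-Q Local Address   Foreign Address  State
tcp   0      0      0.0.0.0:5901    0.0.0.0:*        LISTEN
tcp   0      0      127.0.0.1:5902  0.0.0.0:*        LISTEN
tcp   0      0      0.0.0.0:22      0.0.0.0:*        LISTEN'

check_sample() {
    printf '%s\n' "$SAMPLE" | exposed_vnc_listeners
}

# On the device, inside the chroot:  netstat -tln | exposed_vnc_listeners
check_sample
```

If the check prints a line for port 5901, restart the session with the server's loopback-only option (TightVNC and TigerVNC accept `-localhost`) and set your own password with `vncpasswd` instead of 12345678.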
Bug Fixes
If you encounter an error from upstart like this:
start: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused
invoke-rc.d: initscript resolvconf, action "start" failed.
dpkg: error processing resolvconf (--configure):
subprocess installed post-installation script returned error exit status 1
Issue these two commands:
dpkg-divert --local --rename --add /sbin/initctl
ln -s /bin/true /sbin/initctl
Then re-configure dpkg:
dpkg --configure -a
Android + Linux Chroot + Common Problems
Corrupted Filesystem
Problem: ext2 Distribution Image
Explanation: If you formatted the distribution partition as ext2, then chances are you will have filesystem corruption. The trouble is that fsck doesn’t come with busybox, and it’s hard to run fsck on your root filesystem while it is mounted. The solution is to mount the distribution image from another Linux machine and run fsck.
Solution:
Disable USB debugging on your phone.
Plug your phone into a linux box.
Enable USB storage.
losetup /dev/loop0 /media//debian/debian.img
losetup /dev/loop0 /media//ubuntu/ubuntu.img
fsck /dev/loop0
losetup -d /dev/loop0
Eject the phone
OpenSSH Server
Problem: After installing openssh-server bash ./bootdebian or ./bootubuntu console displays I have no [email protected]:/etc#
Explanation: openssh-server crashed in the middle of installing. Part of the installation process involves moving /etc/passwd to /etc/passwd-.
Solution: The device might reboot after running dpkg.
mv /etc/passwd- /etc/passwd
mv /etc/shadow- /etc/shadow
dpkg --configure -a
Problem: Starting sshd reboots phone (G1)
Explanation: Android doesn’t like ipv6
Solution: Add the below line to both /etc/ssh/ssh_config and /etc/ssh/sshd_config
AddressFamily inet
Problem: PTY allocation request failed on channel 0
Explanation: sshd reports:
openpty: No such file or directory
session_pty_req: session 0 alloc failed
Solution:
/sbin/MAKEDEV pts
mount /dev/pts
Problem: sshing to the phone simply hangs (G1)
Explanation: This seems to be related to /proc: if proc doesn’t exist then SELinux is used, and SELinux doesn’t really exist on Android.
Solution: Add the below line to /root/.bashrc
mount -t proc proc /proc
Alternative Solution: Add the below line to /etc/fstab
none /proc proc defaults
Android + Linux Chroot + Node.js
This article will walk you through how to compile, from source, node.js on Android. After installing node.js on about 4 different devices (Thunderbolt, Incredible, two G1’s, Galaxy S) I decided to compile this tutorial.
Prerequisites
- Android running Debian in a chroot(ed) environment.
- Environment contains the necessary path(s)
vim /etc/bashrc
PATH=$PATH:/usr/local/bin
Swap File (G1 only?)
The RAM in both the Incredible and the Thunderbolt is sufficient to compile node.js. The G1, however, requires a swap file to supplement its small amount of RAM. The gcc compilation failed when I tried a swap file as small as 64 MB; a 512 MB swap file was used for a successful compilation.
524388 MB swap file
dd if=/dev/zero of=/swapfile1 bs=1024 count=524388
mkswap /swapfile1
chmod 0600 /swapfile1
swapon /swapfile1
vim /etc/fstab
/swapfile1 swap swap defaults 0 0
Node.js and Dependencies
- Download dependencies
- Download the node.js source and checkout a version known to work
- Patch, configure, and make
apt-get install git-core
apt-get install python g++ libssl-dev make pkg-config
git clone https://github.com/joyent/node.git
cd node
git checkout v0.6.8
# apply the patch for your device (see below) before running ./configure
./configure
make
make install
To patch the node.js source, create a file called patch in the node root directory and paste in one of the following diffs. Next, run patch -p1 < patch (the -p1 strips the a/ and b/ prefixes from the paths in the diff).
G1 Patch
diff –git a/deps/v8/SConstruct b/deps/v8/SConstruct
index 1dcdce4..a5aaf50 100644
— a/deps/v8/SConstruct
+++ b/deps/v8/SConstruct
@@ -79,7 +79,7 @@ LIBRARY_FLAGS = {
},
‘gcc’: {
‘all’: {
– ’CCFLAGS’: [‘$DIALECTFLAGS’, ‘$WARNINGFLAGS’],
+ ’CCFLAGS’: [‘$DIALECTFLAGS’, ‘$WARNINGFLAGS’,’-march=armv5t’,’-mno-thumb-interwork’],
‘CXXFLAGS’: [‘-fno-rtti’, ‘-fno-exceptions’],
},
‘visibility:hidden’: {
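Review bot: The '-march=armv5t' and '-mno-thumb-interwork' flags are appended to the CCFLAGS of the 'gcc' 'all' entry, so they are passed to every gcc build of V8 made from this tree, not only to the G1 target. Move them under an ARM-specific key in LIBRARY_FLAGS, or add a comment on the changed line stating that this is a local G1-only change.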
@@ -154,12 +154,12 @@ LIBRARY_FLAGS = {
},
‘armeabi:softfp’ : {
‘CPPDEFINES’ : [‘USE_EABI_HARDFLOAT=0’],
– ’vfp3:on’: {
– ’CPPDEFINES’ : [‘CAN_USE_VFP_INSTRUCTIONS’]
– },
– ’simulator:none’: {
– ’CCFLAGS’: [‘-mfloat-abi=softfp’],
– }
+# ’vfp3:on’: {
+# ’CPPDEFINES’ : [‘CAN_USE_VFP_INSTRUCTIONS’]
+# },
+# ’simulator:none’: {
+# ’CCFLAGS’: [‘-mfloat-abi=softfp’],
+# }
},
‘armeabi:hard’ : {
‘CPPDEFINES’ : [‘USE_EABI_HARDFLOAT=1’],
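Review bot: In the 'armeabi:softfp' block the 'vfp3:on' and 'simulator:none' entries are commented out rather than removed, and nothing says why; the change also drops '-mfloat-abi=softfp' for every softfp build. Delete the lines and give the reason in the patch description, or keep the entries and turn off the option that the 'vfp3:on' key refers to.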
Galaxy S Patch
diff –git a/deps/v8/SConstruct b/deps/v8/SConstruct
index 1dcdce4..a5aaf50 100644
— a/deps/v8/SConstruct
+++ b/deps/v8/SConstruct
@@ -79,7 +79,7 @@ LIBRARY_FLAGS = {
},
‘gcc’: {
‘all’: {
– ’CCFLAGS’: [‘$DIALECTFLAGS’, ‘$WARNINGFLAGS’],
+ ’CCFLAGS’: [‘$DIALECTFLAGS’, ‘$WARNINGFLAGS’,’-march=armv5t’],
‘CXXFLAGS’: [‘-fno-rtti’, ‘-fno-exceptions’],
},
‘visibility:hidden’: {
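Review bot: The added CCFLAGS line differs from the one in the G1 patch (no '-mno-thumb-interwork'), yet both patches carry the same header line 'index 1dcdce4..a5aaf50', which cannot describe two different resulting files. Regenerate the diff with git so the header matches the content; the flag also sits under 'all' here, so it applies to every gcc build rather than to this device only.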
@@ -154,12 +154,12 @@ LIBRARY_FLAGS = {
},
‘armeabi:softfp’ : {
‘CPPDEFINES’ : [‘USE_EABI_HARDFLOAT=0’],
– ’vfp3:on’: {
– ’CPPDEFINES’ : [‘CAN_USE_VFP_INSTRUCTIONS’]
– },
– ’simulator:none’: {
– ’CCFLAGS’: [‘-mfloat-abi=softfp’],
– }
+# ’vfp3:on’: {
+# ’CPPDEFINES’ : [‘CAN_USE_VFP_INSTRUCTIONS’]
+# },
+# ’simulator:none’: {
+# ’CCFLAGS’: [‘-mfloat-abi=softfp’],
+# }
},
‘armeabi:hard’ : {
‘CPPDEFINES’ : [‘USE_EABI_HARDFLOAT=1’],
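Review bot: This hunk is line-for-line the same as the second hunk of the G1 patch, so 'CAN_USE_VFP_INSTRUCTIONS' and '-mfloat-abi=softfp' are disabled for the Galaxy S as well, with no reason given. If the change is only needed on the G1, drop the hunk from this patch; if both devices need it, keep it as one shared patch and document why VFP must be off.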
Node.js Libraries
Installing the libraries below is optional. This section is included for users who wish to set up node.js to control an Arduino-powered laser turret.
npm install express
npm install socket.io
npm install jquery
Android + Ubuntu Chroot
Here is a quick overview of the process to create an Ubuntu system image that is bootable with Android chroot. It uses the rootstock utility to set up the initial image, including release version, username/password, and image size, as well as to seed the desired packages to be pre-installed with the distro. For the complete list of rootstock options, consult the man pages.
Quickstart:
mkdir ubuntu
cd ubuntu
sudo rootstock \
--fqdn ubuntu \
--login ubuntu \
--password ubuntu \
--imagesize 4G \
--dist maverick \
–seed linux-image-omap,build-essential,mysql-server,tightvncserver,lxde,\
mysql-server-core-5.5,mysql-server-5.5,libmysqlclient16,mysql-common,\
mysql-client-core-5.5
dd if=/dev/zero of=ubuntu.img bs=1MB count=0 seek=4096
mke2fs -F ubuntu.img
mkdir ubuntumnt
sudo mount -o loop ubuntu.img ubuntumnt
sudo tar -C ubuntumnt -zxf armel-rootfs-XXXXXXXXXXXX.tgz
sudo umount ubuntumnt
sudo rm armel-rootfs-XXXXXXXXXXXX.tgz
sudo rm -rf ubuntumnt
cd ..
adb push ubuntu/ /sdcard/ubuntu
NOTE: XXXXXXXXXXXX is the timestamp for the file creation, for example: armel-rootfs-201203201350.tgz
Steps explained:
First, make a directory to store the ubuntu image and scripts
mkdir ubuntu
cd ubuntu
Next, execute rootstock as root. The options can be configured to create the image of your choosing. For example, if you won’t be using a GUI in the chroot, you may want to omit the ‘lxde’ and ‘tightvncserver’ packages. You can also modify the image size if you wish, but remember that the maximum file size on a FAT32 filesystem is 4GB (and your sdcard is very likely formatted as FAT32).
sudo rootstock \
--fqdn ubuntu \
--login ubuntu \
--password ubuntu \
--imagesize 4G \
--dist oneiric \
–seed linux-image-omap,build-essential,mysql-server,tightvncserver,lxde,\
mysql-server-core-5.5,mysql-server-5.5,libmysqlclient16,mysql-common,\
mysql-client-core-5.5
Now we need to create a blank filesystem image to extract the rootstock onto. For this task, we use the dd command. Remember to set the seek parameter to match the imagesize you created in the previous step.
dd if=/dev/zero of=ubuntu.img bs=1MB count=0 seek=4096
Use mke2fs to create a new filesystem on the created image file.
mke2fs -F ubuntu.img
Make a directory to serve as a mountpoint for the ubuntu image.
mkdir ubuntumnt
Next we need access to the filesystem we just created. This is accomplished by mounting the image file as a disk using the loopback device.
sudo mount -o loop ubuntu.img ubuntumnt
Now we use tar to extract the contents of the created ARM root filesystem to the image mounted on the loopback. Replace XXXXXXXXXXXX with the timestamp that was created with rootstock. E.g. armel-rootfs-201104151837.tgz
sudo tar -C ubuntumnt -zxf armel-rootfs-XXXXXXXXXXXX.tgz
Now that we’re finished with the extraction, we can unmount the system image.
sudo umount ubuntumnt
We’re now finished with the desktop portion of the install, so we can safely remove the tar of the image and its mountpoint.
sudo rm armel-rootfs-XXXXXXXXXXXX.tgz
sudo rm -rf ubuntumnt
Switch to the parent directory, then use ADB to push the contents of the chroot install to the sdcard.
cd ..
adb push ubuntu/ /sdcard/ubuntu
Clone the scripts from my github repo:
git clone git://github.com/mitchtech/chroot_android.git -b ubuntu
cd chroot_android
tar -cvf ubuntu.tar *
./adb push ubuntu.tar /sdcard/ubuntu/
ADB shell into the device
./adb shell
Get root and change into the Ubuntu directory
su
cd /sdcard/ubuntu
Uncompress the image and scripts:
tar -xvf ubuntu.tar
Next run the installer script.
sh ./installubuntu.sh
Now, to start Ubuntu type ‘startubuntu’. Once Ubuntu has started, type ‘ubuntu’ to get a shell. To shut down, type ‘stopubuntu’.
startubuntu
ubuntu
If all goes well, you’ll be in the Ubuntu chroot:
If you get ‘[email protected]:/#’ then you know it’s working!